Claims

1. A network data processor system comprising a plurality of data packet processors coupled through a data switch fabric between network connection processors, wherein said data packet processors perform a data processing function over data contained within predetermined data packets, wherein said network connection processors include network interfaces coupleable to external data transmission networks and wherein said network connection processors provide for the selective routing of said predetermined data packets through said data switch fabric to load balance the processing of said predetermined data packets by said plurality of data packet processors.

2. A network data packet processor system providing for the transfer of packets between first and second networks, said network data packet processor system comprising:
a) a data packet switch including pluralities of first and second data ports coupled together to provide for the transfer of network data packets between respective first and second data ports;
b) a plurality of data protocol processors coupled to a like plurality of said first data ports of said data packet switch, each data protocol processor being coupled to a respective first data port through a bidirectional packet transfer interface and including a protocol processing engine providing for the selective conversion of data contained within a predetermined network data packet; and
b) input and output data transfer processors coupled to respective second data ports of said data packet switch, wherein said input data transfer processor selectively routes network data packets from said first network to said plurality of data protocol processors and said output data transfer processor routes network data packets from said plurality of protocol processors to said second network, and wherein said input data transfer processor balances the load of individual network data packets routed to said plurality of data protocol processors.

3. A network gateway processor comprising:
a) a switch providing data routing between input, output, and processing ports;
b) an array of protocol processors coupled to respective processing ports, each said protocol processor providing for the conversion of network data packets from a first form to a second form;
c) an input processor coupled between a first network and said input port, said input processor providing for the load balanced allocation of network data packets received from said first network to said array of protocol processors; and
d) an output processor coupled between a second network and said output port, wherein said array of protocol processors provide network data packets of said second form to said output processor for transfer to said second network.

4. The network gateway processor of Claim 3 wherein said input processor selectively associates conversion control data with network data packets provided to said array of protocol processors.

5. The network gateway processor of Claim 4 wherein said conversion control data is provided with each network data packet provided to said array of protocol processors.

6. The network gateway processor of Claim 5 wherein each said protocol processor includes a data form conversion engine and wherein operation of said data form conversion engine is defined by predetermined parameters identified by said conversion control data and wherein said predetermined parameters are applied to said data form conversion engine with respect to a corresponding network data packet.

7. The network gateway processor of Claim 6 wherein said data form conversion engine includes an encryption engine.

8. A method of operating a network gateway coupleable between first and second networks to implement a compute intensive data processing function on network data packets transferred between said first and second networks, said method comprising:
a) receiving, by a first processor coupleable to said first network, network data packets;
b) selecting, from said received network data packets, predetermined network packets for routing through said network gateway;
c) selectively distributing said predetermined network data packets to a plurality of second processors so as to enable utilization of the aggregate performance of said second processors in performing said compute intensive data processing function;
d) processing, asynchronously, said predetermined network data packets as distributed by said plurality of second processors to convert each of said predetermined network data packets in accordance with said compute intensive data processing function to provide converted network data packets;
e) collecting, by a third processor coupleable to said second network, said converted network data packets; and
f) transferring said converted network data packets to said second network.

9. The method of Claim 8 wherein said compute intensive data processing function is one or a combination of functions selected from a group consisting of data encryption, decryption, compression, decompression, and protocol translation.

10. The method of Claim 8 wherein said compute intensive data processing function is dependant on configuration parameters and wherein said method further comprising the steps of:
a) obtaining said configuration parameters; and
b) applying said configuration parameters, within said step of processing, to control the conversion of each of said predetermined network data packets.

11. The method of Claim 10 wherein said step of obtaining includes negotiating, by a fourth processor, a set of configuration parameters for a predetermined logical connection established through said network gateway between said first and second networks and wherein said step of applying includes selecting said set of configuration parameters with respect to a predetermined network packet associated with said predetermined logical connection.

12. The method of Claim 11 further comprising the steps of:
a) distributing, by said fourth processor to said first processor, said set of configuration parameters; and
b) associating, by said first processor, said set of configuration parameters with said predetermined network packet such that said set of configuration parameters is passed, in combination with said predetermined network packet by said step of selectively distributing, to a predetermined one of said plurality of second processors.

13. The method of Claim 11 further comprising the steps of:
a) distributing, by said fourth processor to said second processors, said set of configuration parameters; and
b) associating, by a predetermined one of said second processors, said set of configuration parameters with said predetermined network packet as passed by said step of selectively distributing, to said predetermined one of said plurality of second processors.

14. The method of Claim 12 wherein said compute intensive data processing function is one or a combination of functions selected from a group consisting of data encryption, decryption, compression, decompression, and protocol translation.

15. The method of Claim 14 wherein said compute intensive data processing function implements a conversion between an IP protocol and an IPsec protocol.

16. A method of performing compute intensive protocol transformation functions on network data, said method comprising the steps of:
a) receiving, through a first network connection, select network data packets for protocol transformation;
b) distributing said select network data packets to a plurality of protocol transformation processors;
c) converting, by said plurality of protocol transformation processors, said select network data packets in accordance with said protocol transformation to provide converted network data packets;
d) collecting said converted network data packets from said plurality of protocol transformation processors; and
e) sending said converted network data packets through a second network connection.

17. The method of Claim 16 wherein said step of converting includes determining for each select network data packet a corresponding set of parameters for use in performing said protocol transformation, said method further comprising the step of dynamically developing said corresponding set of parameters.

18. The method of Claim 17 wherein said corresponding set of parameters is dynamically developed for a logical connection established between said first and second network connections.

19. The method of Claim 18 wherein said protocol transformation is an implementation of a secure IP protocol.

20. The method of Claim 19 wherein said logical connection is a virtual private network and wherein said protocol transformation implements a conversion between an IP protocol and an IPsec protocol.

21. A network gateway supporting a compute intensive protocol processing function for transferred data packets, said network gateway comprising:
a) a switch fabric implementing programmable channel transfer of data between first, second, and third fabric interface ports;
b) an ingress processor coupleable to a first network and coupled to said first fabric interface port to transfer data packets defined in accordance with a first protocol format from said first network to said switch fabric;
c) an egress processor coupleable to a second network and coupled to said second fabric interface port to transfer data packets defined in accordance with a second protocol format from said switch fabric to said second network; and
d) a parallel array of protocol processors coupled to respective instances of said third interface port of said switch fabric to receive data packets from said ingress processor and send data packets to said egress processor, said parallel array of protocol processors implementing a compute intensive network packet transformation function between said first and second protocol formats for data packets passed through said parallel array of protocol processors;
whereby the aggregate throughput performance of said parallel array of protocol processors directly supports the throughput performance of said ingress processor.

22. The network gateway of Claim 21 wherein said ingress processor determines the distribution of received data packets to the individual protocol processors of said parallel array.

23. The network gateway of Claim 22 further comprising a control processor coupled within said network gateway to communicate protocol processing parameters to said parallel array of protocol processors to selectively control the execution of said compute intensive network packet transformation function by the individual protocol processors of said parallel array.

24. The network gateway of Claim 23 wherein said protocol processing parameters are transferred by said control processor to said ingress processor and wherein said ingress processor selectively associates said protocol processing parameters with data packets transferred to said parallel array of protocol processors.

25. The network gateway of Claim 23 wherein said compute intensive network packet transformation function implements a secure IP protocol, wherein said protocol processing parameters are dynamically negotiated by said control processor according to said secure IP protocol.

26. The network gateway of Claim 25 wherein said control processor is coupled through said switch fabric to transfer said protocol processing parameters to a data table stored by said ingress processor, wherein said ingress processor dynamically attaches headers selectively containing said protocol processing parameters to data packets prior to transfer to said parallel array of protocol processors, the selection of said protocol processing parameters being dependent on information contained in respective data packets.

27. The network gateway of Claim 26 wherein each protocol processor of said parallel array includes a data table, wherein said control processor is coupled through said switch fabric to transfer said protocol processing parameters to each said data table, and wherein each protocol processor of said parallel array determines from received data packet select parameters of said protocol processing parameters to use in said compute intensive network packet transformation function as implemented by respective ones of said parallel array.